﻿<?xml version="1.0" encoding="utf-8"?>
<sshma:Lithnet.SshMA xmlns:sshma="http://lithnet.local/Lithnet.SshMA.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <ma-capabilities>
    <delta-import>false</delta-import>
    <object-update-mode>AttributeUpdate</object-update-mode>
    <delete-add-as-replace>false</delete-add-as-replace>
    <object-rename-allowed>true</object-rename-allowed>
  </ma-capabilities>

  <schema>
    <schema-attributes>
      <schema-attribute name="accountName" multivalued="false" type ="string" operation="ImportExport"/>
      <schema-attribute name="uid" multivalued="false" type="integer" operation="ImportExport"/>
      <schema-attribute name="gid" multivalued="false" type="integer" operation="ImportExport"/>
      <schema-attribute name="comment" multivalued="false"  type="string"  operation="ImportExport"/>
      <schema-attribute name="expiryDate" multivalued="false" type="integer" operation="ImportExport"/>
      <schema-attribute name="homeDirectory" multivalued="false" type="string" operation="ImportExport"/>
      <schema-attribute name="shell" multivalued="false" type="string" operation="ImportExport"/>
      <schema-attribute name="accountDisabled" multivalued="false" type="boolean" operation="ExportOnly"/>
      <schema-attribute name="member" multivalued="true" type="reference" operation="ImportExport"/>
    </schema-attributes>

    <schema-objects>
      <schema-object object-class="user">
        <dn-format>cn={accountName},ou=users</dn-format>
        <attributes>
          <attribute>accountName</attribute>
          <attribute>uid</attribute>
          <attribute>gid</attribute>
          <attribute>comment</attribute>
          <attribute>homeDirectory</attribute>
          <attribute>shell</attribute>
          <attribute>accountDisabled</attribute>
        </attributes>
      </schema-object>

      <schema-object object-class="group">
        <dn-format>cn={accountName},ou=groups</dn-format>
        <attributes>
          <attribute>accountName</attribute>
          <attribute>gid</attribute>
          <attribute>member</attribute>
        </attributes>
      </schema-object>
    </schema-objects>
  </schema>

  <global-operations>
    <!--<global-operation xsi:type="sshma:global-operation-ImportFullStart"/>
    <global-operation xsi:type="sshma:global-operation-ImportFullEnd"/>
    <global-operation xsi:type="sshma:global-operation-ImportDeltaStart"/>
    <global-operation xsi:type="sshma:global-operation-ImportDeltaEnd"/>
    <global-operation xsi:type="sshma:global-operation-ExportStart"/>
    <global-operation xsi:type="sshma:global-operation-ExportEnd"/>
    <global-operation xsi:type="sshma:global-operation-PasswordStart"/>
    <global-operation xsi:type="sshma:global-operation-PasswordEnd"/>-->
  </global-operations>

  <object-operations object-class="user">
    <object-operation xsi:type="sshma:object-operation-ImportFull">
      <commands>
        <command result-has-objects="true" success-codes="0">cat /etc/passwd</command>
      </commands>
      <import-mapping>
        <object-extract><![CDATA[^(?<accountName>.*?):(?<pwd>.*?):(?<uid>.*?):(?<gid>.*?)((:(?<comment>.*?),(?<personId>.*?):)|(:(?<comment>.*?):))(?<homeDirectory>.*?):(?<shell>.*?)$]]></object-extract>
        <object-filters>
          <!--<object-filter attribute="uid" operator="LessThanOrEq">99</object-filter>
        <object-filter attribute="uid" operator="Equals">65534</object-filter>
        <object-filter attribute="uid" operator="Equals">60001</object-filter>
        <object-filter attribute="uid" operator="Equals">60002</object-filter>-->
          <object-filter attribute="accountName" operator="Equals">svc-fim</object-filter>
        </object-filters>
      </import-mapping>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-ImportDelta">
      <commands>
        <command success-codes="0" result-has-objects="true">cat /etc/passwd</command>
      </commands>
      <import-mapping>
        <object-extract><![CDATA[^(?<changeType>[ard]):(?<accountName>.*?):(?<pwd>.*?):(?<uid>.*?):(?<gid>.*?)((:(?<comment>.*?),(?<personId>.*?):)|(:(?<comment>.*?):))(?<homeDirectory>.*?):(?<shell>.*?)$]]></object-extract>
        <object-filters>
          <!--<object-filter attribute="uid" operator="LessThanOrEq">99</object-filter>
          <object-filter attribute="uid" operator="Equals">65534</object-filter>
          <object-filter attribute="uid" operator="Equals">60001</object-filter>
          <object-filter attribute="uid" operator="Equals">60002</object-filter>-->
          <object-filter attribute="accountName" operator="Equals">svc-fim</object-filter>
        </object-filters>
        <modification-type-mappings capture-group-name="changeType" unexpected-modification-type-action="ignore">
          <modification-type-add>a</modification-type-add>
          <modification-type-replace>r</modification-type-replace>
          <modification-type-delete>d</modification-type-delete>
        </modification-type-mappings>
      </import-mapping>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-ExportAdd">
      <commands>
        <command>/usr/local/bin/sudo /usr/sbin/useradd [-c "{comment}" ][-d {homeDirectory} ][-s {shell} ]-u {uid} -g {gid} {dn:$1}</command>
      </commands>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-ExportModify">
      <commands>
        <command>/usr/local/bin/sudo /usr/sbin/usermod [-c "{comment}" ][-d {homeDirectory} ][-s {shell} ][-u {uid} ][-g {gid} ][-l {accountName} ]{dn:$1}</command>
      </commands>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-ExportDelete">
      <commands>
        <command>/usr/local/bin/sudo /usr/sbin/userdel {dn:$1}</command>
      </commands>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-PasswordSet">
      <commands>
        <async-command>
          <send-when expect="$ " timeout="5">/usr/local/bin/sudo /usr/bin/passwd {dn:$1}</send-when>
          <send-when expect="New Password: " timeout="5">{newpassword}</send-when>
          <send-when expect="assword: " timeout="5">{newpassword}</send-when>
          <success-when expect="password successfully changed for {dn:$1}" timeout="5"/>
        </async-command>
      </commands>
    </object-operation>
  </object-operations>

  <object-operations object-class="group">
    <object-operation xsi:type="sshma:object-operation-ImportFull">
      <commands>
        <command result-has-objects="true">/home/svc-fim/prod/get_groups.py</command>
      </commands>
      <import-mapping>
        <object-extract><![CDATA[^(?<accountName>.+)?:(?<gid>.+)?:(?<members>.+)?$]]></object-extract>
        <multivalue-extracts>
          <multivalue-extract capture-group-name="members" attribute="member"><![CDATA[[\w\d- ]+]]></multivalue-extract>
        </multivalue-extracts>
        <attribute-transformations>
          <attribute-transformation attribute="member" regex-find=".+" regex-replace="cn=$&amp;,ou=users"/>
        </attribute-transformations>
        <object-filters>
          <object-filter attribute="gid" operator="LessThan">100</object-filter>
        </object-filters>
      </import-mapping>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-ExportAdd">
      <commands>
        <command>/usr/local/bin/sudo /usr/sbin/groupadd -g {gid} {dn:$1}</command>
        <command xsi:type="sshma:mv-command" for-each="member">/home/svc-fim/prod/add_member.py {dn:$1} {member:$1}</command>
      </commands>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-ExportModify">
      <commands>
        <command rule-id="groupGidOrAccountNameHasChanged">/usr/local/bin/sudo /usr/sbin/groupmod [-g {gid} ][-n {accountName} ]{dn:$1}</command>
        <command xsi:type="sshma:mv-command" rule-id="groupMemberModified" for-each="member" value-modification="add">/home/svc-fim/prod/add_member.py {dn:$1} {member:$1}</command>
        <command xsi:type="sshma:mv-command" rule-id="groupMemberModified" for-each="member" value-modification="delete">/home/svc-fim/prod/remove_member.py {dn:$1} {member:$1}</command>
        <command rule-id="groupMembersDeleted">/home/svc-fim/prod/remove_members.py {dn:$1}</command>
      </commands>
    </object-operation>

    <object-operation xsi:type="sshma:object-operation-ExportDelete">
      <commands>
        <command>/usr/local/bin/sudo /usr/sbin/groupdel {dn:$1}</command>
      </commands>
    </object-operation>
  </object-operations>

  <rules>
    <rule-group id="groupGidOrAccountNameHasChanged" operator="Or">
      <rule-ref rule-id="groupAccountNameModified"/>
      <rule-ref rule-id="groupGidModified"/>
    </rule-group>
    <rule xsi:type="sshma:rule-AttributeChangeRule" id="groupMemberModified" attribute="member" triggers="Add,Update"/>
    <rule xsi:type="sshma:rule-AttributeChangeRule" id="groupMembersDeleted" attribute="member" triggers="Delete"/>
    <rule xsi:type="sshma:rule-AttributeChangeRule" id="groupAccountNameModified" attribute="accountName" triggers="Add,Update"/>
    <rule xsi:type="sshma:rule-AttributeChangeRule" id="groupGidModified" attribute="gid" triggers="Add,Update"/>
    <rule xsi:type="sshma:rule-AttributePresenceRule" id="AccountNameIsPresent" attribute="accountName" operator="IsPresent"/>
  </rules>

</sshma:Lithnet.SshMA>